Shasha encrypts files and appends the ".shasha" extension to their filenames. For instance, it renames "1.jpg" file to "1.jpg.shasha", "2.jpg" file to "2.jpg.shasha", and so on. Also, Shasha creates a ransom note, the "READ_ME.txt" file, and changes the desktop wallpaper. Screenshot of a messa
"SAFEMOON Giveaway" refers to a scam promoted on various deceptive sites. This scheme promises five times the return on the SafeMoon cryptocurrency users transfer to it. To elaborate, the scam requests users to invest at least 500,000,000 in SafeMoon by transferring it to the listed cryptowallet
Tthematt[.]xyz displays a fake CAPTCHA to trick visitors into clicking the "Allow" button and can open two, three questionable websites. There is a very low chance that users would open tthematt[.]xyz intentionally. This page shares similarities with cobwebcircle[.]site, press-news-for[.]me, and m
Akin to theresults.net, more*.biz, liffsandupa.xyz, goodsurvey.site, and countless others, hisqueost[.]xyz is a rogue site. This page is designed to load questionable material and/or redirect visitors to different (likely unreliable or malicious) websites. Most users enter such webpages through r
MegaUnit is an adware-type app with browser hijacker traits. Furthermore, due to the dubious methods used to distribute software products within these categories, they are also classified as PUAs (Potentially Unwanted Applications). MegaUnit has been noted being proliferated via fake Adobe Flash
Cobwebcircle[.]site is an untrustworthy website designed to open other sites of this kind and trick visitors into agreeing to receive its notifications. Cobwebcircle[.]site has the same purpose as theresults[.]net, robo-checker[.]top, aidraiphejpb[.]com, and a great number of other pages.
CRYPT is a malicious program belonging to the MedusaLocker ransomware family. It is designed to encrypt data and demand payment for the decryption. The locked files are appended with a ".CRYPT" extension. For example, a file initially titled "1.jpg" would appear as "1.jpg.CRYPT", "2.jpg" as "2.jp
Press-news-for[.]me promotes shady (potentially malicious) web pages and asks for permission to show notifications. There are lots of websites like press-news-for[.]me, some examples are theresults[.]net, robo-checker[.]top, and aidraiphejpb[.]com. Once opened, press-news-for[.]me asks for
Promoland[.]space is a deceptive website running various scams. At the time of research, it promoted a scheme targeting iPhone users with claims that their data may be at risk. It must be emphasized that no website can detect threats/issues present on visitors' devices; hence, any that make such
Phishing emails are used to trick recipients into providing personal information. Scammers behind them attempt to obtain credit card details, bank accounts numbers, social security numbers, login credentials, or other information. This phishing email is used to extract email login credentials via